Windows 7x64 Redirect Hijack Chrome,FF,IE

hijack redirect google

  • This topic is locked
36 replies to this topic

#21 infectedturtle

Posted 09 May 2012 - 10:46 PM

OTL Extras logfile created on: 5/9/2012 8:36:01 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 51.15% Memory free
11.90 Gb Paging File | 8.50 Gb Available in Paging File | 71.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185.55 Gb Total Space | 73.48 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
Drive D: | 384.82 Gb Total Space | 336.30 Gb Free Space | 87.39% Space Free | Partition Type: NTFS
Drive V: | 465.76 Gb Total Space | 81.28 Gb Free Space | 17.45% Space Free | Partition Type: NTFS

Computer Name: DEATHWING | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D49986-0F1A-45EC-A280-BA1E1BFCA5D5}" = rport=445 | protocol=6 | dir=out | app=system |
"{0E547AD4-6C7D-4922-B0A5-57AA32EF4210}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1F6D502C-2C4E-4458-B162-5F8517D27BBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{41B34316-FA7D-432B-9A5E-73C2242E7EFF}" = lport=139 | protocol=6 | dir=in | app=system |
"{51BC914D-F727-4CC5-BF5D-E19340C09CB9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69047C5D-1F28-4D19-96F8-826821DBC526}" = lport=445 | protocol=6 | dir=in | app=system |
"{74E8E680-3E8B-433B-8861-9A3D3E80E179}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EC1554B-4196-45A1-8680-67748C427655}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8AE60E59-2B45-47D7-ABB5-0356FB9EE0B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{95A2FD3C-5F06-48C8-BF89-9D845DFA1A21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98A86C84-D4CD-4E09-9B69-6AE3A3B57E0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9952FB3F-F5BB-48F9-B8F7-44BE8C168CC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DA80E49-0E77-437A-8EF9-78B7ED46A596}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A69A412E-0C74-423D-9B94-8D75F294D6BF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8DD4062-C724-46BE-A078-760C18609C13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD3283D1-98F0-461B-816B-A7220ABDFFC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B011C823-BEF8-471A-9441-6FEE9D680D4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BD336E05-35AF-4E31-A90F-E7E6FC940E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1EA5AA9-D05F-4EC7-8F35-20BE2CB12619}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA101BE4-0B88-46A5-A1AB-F726B82D613D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{CE90214D-703F-41F0-B80A-217E0D4885A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D35FB18C-6703-4C3D-B692-2997BBC4F26D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC2D579D-3726-44FB-81CC-10625884C111}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEF646C2-C0CF-4802-B1B2-600D3AB5B28F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1F20752-9FF5-4A46-A21C-9E8977C0EA7F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFBB33F3-CA20-4F89-B901-C0DB6BAF09A7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03D79D47-765C-4C44-8716-98EDA7F0B05F}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{0755C145-E940-4A0F-81F3-AC938D5E838C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{076D6C45-551D-4A5F-BB33-EE2C703E4768}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0A5AD457-2F44-4605-96C7-7C37996E20FA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D69519C-73E2-4B26-A72B-860A679824FC}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{0EC6CFBE-78EE-4085-8466-95C43BE081F3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{16214C53-3B30-43B3-9C15-BABBF9FC6FEE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{165EE9F6-7E9C-4596-9711-7C918ECA35DB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{19A3DDE1-B234-412B-AB80-E6D5D6C89789}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E79C1D1-AFD5-479B-8E26-0FA730F091AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F312B0F-523F-4657-8908-B1F9B39B1BF3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{21E0959A-EEB6-4E22-AF03-F109DCED3CD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24C638BB-4651-42AA-A593-E7E01293DEC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2B800D48-E6C2-4398-B637-AD00A2BB6E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{3C3B3988-5CEF-464B-A775-80E4EEAAA75B}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E2BF12D-4D24-4389-8407-2A4E0F62AEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3E9B38BA-1BCE-4153-AFE0-1FFAFDBA117F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4244EDDD-2E43-4893-A2B9-A08C1F50DAA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4280E864-B11B-4E01-88AD-CFC7288033D1}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{4BD35305-41A5-4013-985C-E4C19AFE795D}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D7DF199-37B3-488B-8793-29B57CC9C48D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{52B082D7-88F9-4138-B651-B671088F3F6A}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{53F1D0AD-E211-48F4-9960-3AD539A18A98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe |
"{555358B1-1C58-49EA-AFAE-D6F3DCA356F0}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe |
"{5857BE5D-093C-41DC-A65C-9856DA064D8A}" = protocol=17 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{62BB5FC2-6854-4FB6-8785-3AC24715CAE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64BFF7EE-E9DF-4148-89EC-E691EFB09D99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6DFA3FB7-5DC4-49DC-B596-884D8A0AFF01}" = protocol=6 | dir=in | app=c:\users\lucas\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6E14714F-017B-4A6F-8C9F-282524C31493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74E41ADC-B2D3-4449-873B-E15D955A693F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A92038B-D1B9-408F-9A1C-DD6B59D958B7}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{7F27402E-9AD7-420A-8765-2EBA15B42C83}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"{8189EA91-D5A8-4784-B1E5-77BB4914B61C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{83D90476-0F73-418D-B83E-9A40B42E14E7}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe |
"{860D8CF8-FFD2-40EA-9DD7-BB2E3616C472}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\snuggle truck\snuggle truck.exe |
"{878187EE-E950-4AA6-A4B8-5023B2E32A46}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{88959DEC-CBBF-4BC3-B9BE-D4C13EB11F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8BF12400-7337-4C04-9433-775863E3A22C}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe |
"{8D1E7393-C817-4116-BE65-C8FB6304FAF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DF5B141-B7C6-4F69-A4DB-9FD206752E0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{906F72CD-2DEF-4897-B9C4-E9D8ED128840}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{94A2A794-CCB3-4818-9F69-C4022B1D959D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{953F23BD-4876-4FFC-83ED-67903CDBE8FA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{954D4F35-40C2-484B-AF95-9FB034F6FB8D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95A8ED67-1A2A-4DC3-BF54-372CCFBE7B0A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\inputserv.exe |
"{95B84ED9-4916-4B87-84FD-F80E391725C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9852AEDE-5D97-4E47-8C1C-C2E547422E1E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9F02C85D-441E-47C7-9C53-83C9A9B0FC94}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F9C8142-1340-4B00-B83E-DE76BD2E4571}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0AF4E54-C6D3-482F-9E1D-D15A8EEBA2A8}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{B1D0C305-A779-4741-AA36-2037EEEC6A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B2EF2011-5C1E-4AC6-9258-D165A3548E24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6042080-540C-4DC9-80B0-81A77B93C014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA2CAB99-FEC0-48F2-AFE7-E42377A63E5A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srlogin.exe |
"{CAAD8350-BF6B-4930-BFEB-E6ACA4A2B80B}" = protocol=6 | dir=out | app=system |
"{CDDF97B1-9C14-4D05-A30D-26485B383479}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"{CF22F183-A128-4612-9F8A-7DAFFE2CC8BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{D2868EE2-D511-436A-B284-328F92ABE627}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D3FE344F-395F-4600-8ABA-4CAFB78895C2}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe |
"{DCBB9DBD-1A05-431D-9F00-9D2B500D738C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |
"{DDB38C2E-D5EB-405F-B627-1DAE330B165D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7197AB7-6BAB-4F7A-8A50-ADB613FFA1A8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EF652DEE-35FA-4F77-BFC5-DEC6978F5713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |
"{F6F3A91A-A946-4980-B80C-478B3E49419A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FE4845ED-11BE-4716-8A38-521EB6DF6DFB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{2CB272B9-BD52-4273-9336-2E22F0589C06}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{91C08A13-C715-47BF-9320-D403AE710D75}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{A477644C-926E-4231-8251-A2D7B9C9A953}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"TCP Query User{ECB7B1E9-D27A-44A2-B990-312A29AD0AC2}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |
"TCP Query User{F55B1B18-36AB-45C4-A306-76EEBB9B0033}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{25C05CE1-D6C2-4B8C-B9AC-25DAF847DE1A}C:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\omghahalol\counter-strike source\hl2.exe |
"UDP Query User{B4804827-2ACF-44A8-B98E-539D297590C5}C:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lucas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C31320E2-4838-4F1F-BD2C-2CFD5056104A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{EA63E4F3-A1AB-4607-870D-34645A20E634}C:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\musicbrainz picard\picard.exe |
"UDP Query User{F428297E-1B32-4804-B150-A16912D4F33F}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{07E570C2-CEFF-4AA4-BDA7-DA2B4CDD3E62}" = Fresco Logic USB3.0 Host Controller
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java™ 7 Update 2 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B0F1D023-EF17-43DF-A702-25E0FFFE4129}" = TortoiseGit 1.7.7.0 (64 bit)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
"{C27D5B91-DA53-3AEB-5CD5-5F6E0C87459A}" = AMD Catalyst Install Manager
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{EA01EDC3-CFB8-47DA-8C74-53069EB0BD00}" = ASUS Android USB Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TeraCopy_is1" = TeraCopy 2.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A53800-BA75-3E9E-BD52-10171E5640B6}" = CCC Help Greek
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0296D4D2-DA68-2DFD-5AC1-6FB04354A86E}" = PX Profile Update
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04098274-E98C-86E3-1B2C-50E32E561DF5}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}" = CCC Help Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{163A486D-BE65-487E-98D9-F5298F3D5E15}" = PhotoTools 2.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}" = CCC Help French
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2D049D1D-CA58-9652-B7C6-19CB98649923}" = CCC Help Dutch
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{32A3A4F4-B792-11D6-A78A-00B0D0160270}" = Java™ SE Development Kit 6 Update 27
"{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}" = CCC Help Swedish
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4741965C-AFD0-4D00-81D1-1039F96D4DC3}" = HP SimplePass 2011
"{480DCAD1-8670-66EA-8EBA-178047059A13}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}" = CCC Help Finnish
"{53CF3920-648B-4F99-8D05-6A6C5298F57B}" = Adobe Creative Suite 5.5 Design Standard
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 7.57
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}" = CCC Help Danish
"{60070423-DE0B-59FF-D4B7-16BDB8957864}" = CCC Help Portuguese
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74FBB537-8915-329D-393E-FDB7DC69A339}" = CCC Help Japanese
"{755F4903-030D-B017-30F2-4D5BE92C8D38}" = CCC Help Italian
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{896C4E12-4857-9715-9F9D-249561D2D7EE}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{968298EC-86D4-8F84-5ABC-E976C5CDA417}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English
"{A99BE117-F10C-470D-AE6D-DC2889F5F24E}" = Avadon
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BBDD3C95-E069-E346-6D1B-CC76AE448550}" = CCC Help Chinese Standard
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center
"{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D61F78AF-A111-9DAE-8368-E3230B168F03}" = CCC Help Polish
"{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}" = CCC Help Russian
"{D8CABEA0-CAFB-9320-5F46-EAF31535203F}" = CCC Help Turkish
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}" = CCC Help Hungarian
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}" = CCC Help Chinese Traditional
"{FC8292ED-7E61-4370-15D1-60171263AA1D}" = CCC Help Czech
"{FD207C2C-A7FF-332A-AC85-5A5ACED6F31B}" = Google Talk Plugin
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Afterburner" = MSI Afterburner 2.1.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Midi Decoder" = dBpoweramp Midi Decoder
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"FreeCommander_is1" = FreeCommander 2009.02b
"Git_is1" = Git version 1.7.9-preview20120201
"HandBrake" = HandBrake 0.9.5
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Launchy_21344213_is1" = Launchy 2.6 Beta 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 10.0.2 (x86 en-US)" = Mozilla Thunderbird 10.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MusicBrainz Picard" = MusicBrainz Picard
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel PROSet Wireless
"PuTTY_is1" = PuTTY version 0.61
"SABnzbd" = SABnzbd 0.6.12
"StarCraft II" = StarCraft II
"Steam App 111100" = Snuggle Truck
"Steam App 300" = Day of Defeat: Source
"Steam App 4000" = Garry's Mod
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"TightVNC" = TightVNC 2.0.4
"TrueCrypt" = TrueCrypt
"TurboTax 2011" = TurboTax 2011
"VLC media player" = VLC media player 2.0.0
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinMerge_is1" = WinMerge 2.12.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1039735209-2586580631-372817727-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 3:45:39 AM | Computer Name = Deathwing | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 4/18/2012 10:31:54 AM | Computer Name = Deathwing | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 9/9/2011 5:08:19 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109020801.xml
File not created by asset agent

Error - 9/9/2011 5:13:33 PM | Computer Name = Deathwing | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091109021331.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 4/11/2012 11:55:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 20:55:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/11/2012 11:56:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 20:56:33.169|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/11/2012 11:57:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 20:57:33.167|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/11/2012 11:58:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 20:58:33.165|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/11/2012 11:59:33 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 20:59:33.162|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/12/2012 12:00:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 21:00:33.160|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/12/2012 12:01:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 21:01:33.173|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/12/2012 12:02:33 AM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/11 21:02:33.171|00001AA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/16/2012 11:36:24 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/16 20:36:24.007|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 4/16/2012 11:36:28 PM | Computer Name = Deathwing | Source = hpCMSrv | ID = 5
Description = 2012/04/16 20:36:28.990|00001814|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 4/30/2012 11:05:10 PM | Computer Name = Deathwing | Source = CaslSmBios | ID = 5
Description = 2012/04/30 20:05:10.602|00001174|Error |[CaslWmi]XmlTools::Validate{hpCasl.enReturnCode(string,string)}|The
'schemas-hp-com.casl:TechnologyType' element is invalid - The value '' is invalid
according to its datatype 'schemas-hp-com.casl:technologyTypeValue' - The Enumeration
constraint failed.

Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/02 09:37:50.076|00000F04|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 5/2/2012 12:37:50 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/02 09:37:50.330|00000F04|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 12:41:37 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/07 21:41:37.153|00001844|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 9:35:36 AM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/08 06:35:36.442|00001784|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 11:15:12 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/08 20:15:12.203|00000FC8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/8/2012 11:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/08 20:23:25.940|000018E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/09 09:21:42.638|0000140C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 5/9/2012 12:21:42 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/09 09:21:42.816|0000140C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 5/9/2012 12:23:25 PM | Computer Name = Deathwing | Source = CaslWmi | ID = 5
Description = 2012/05/09 09:23:25.173|00001D84|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ System Events ]
Error - 5/3/2012 9:31:54 AM | Computer Name = Deathwing | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 5/3/2012 9:31:55 AM | Computer Name = Deathwing | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034
Description = The Bluetooth Device Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034
Description = The Bluetooth OBEX Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/8/2012 3:09:37 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7034
Description = The Bluetooth Media Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/8/2012 3:13:44 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/8/2012 3:16:44 PM | Computer Name = Deathwing | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 5/8/2012 3:17:12 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/8/2012 10:29:31 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/8/2012 10:32:03 PM | Computer Name = Deathwing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#22 MrCharlie
Posted 09 May 2012 - 10:59 PM

OK, it's late here and I'll get back to you tomorrow am....MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#23 MrCharlie
Posted 10 May 2012 - 06:35 AM

While I look over the logs, please confirm for me that you get redirects in all three browsers.

Also can you post the log from MB:

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.


Thanks....MrC


#24 MrCharlie
Posted 10 May 2012 - 08:23 AM

Please do what I mention in the post above first....then:

Please do this:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/12/23 23:56:46 | 000,008,846 | -HS- | C] () -- C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u
    @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd
    @Alternate Data Stream - 1062 bytes -> C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa
    :Commands
    [EMPTYJAVA]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
MrC

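The OTL fix above targets two artifact classes: a hidden+system file dropped in the user's AppData\Local and two alternate data streams hanging off the C:\ProgramData\Microsoft folder. As an added example, not part of this thread and not OTL's own code, here is a read-only PowerShell sweep that surfaces the same classes so you can inspect them before deciding what to remove. It assumes PowerShell 3.0 or later (for -Stream and -File) and that the two default paths are the ones worth checking; change $Paths for other locations.

```powershell
# Added example (not from the thread): enumerate NTFS alternate data streams and
# hidden+system files, the artifact classes the OTL fix above removed.
# Requires PowerShell 3.0+ (the -Stream and -File parameters). Paths are assumptions.
param(
    [string[]]$Paths = @("$env:ProgramData\Microsoft", "$env:LOCALAPPDATA")
)

function Get-SuspiciousAds {
    param([string]$Root)
    # Include the directory itself: the thread's ADS hung off the folder, not a file in it
    $items = @(Get-Item -LiteralPath $Root -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Root -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Every file has the unnamed ':$DATA' stream; anything else is an ADS.
        # Zone.Identifier is the normal "downloaded from the Internet" mark; flag the rest.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $item.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    }
}

function Get-HiddenSystemFiles {
    param([string]$Root)
    # "-HS-" in the OTL line means Hidden+System; files in a user profile rarely carry both
    Get-ChildItem -LiteralPath $Root -Force -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
                       ($_.Attributes -band [IO.FileAttributes]::System) }
}

foreach ($p in $Paths) {
    "== Alternate data streams under $p =="
    Get-SuspiciousAds -Root $p | Format-Table -AutoSize
    "== Hidden+System files under $p =="
    Get-HiddenSystemFiles -Root $p |
        Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
}
# To read a stream before removing it:  Get-Content -LiteralPath <path> -Stream <name> -Raw
# To remove only the stream:            Remove-Item -LiteralPath <path> -Stream <name>
```

Run it from an elevated prompt so hidden and system items under ProgramData are readable. A named stream on a folder does not appear in Explorer or in a plain dir listing (cmd needs dir /R), which is why a hijack can park its configuration there; read the stream with Get-Content -Stream before deleting it so you know what the fix actually removed.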

#25 infectedturtle
Posted 10 May 2012 - 10:31 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]

5/8/2012 8:14:04 PM
mbam-log-2012-05-08 (20-14-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201952
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.

(end)

#26 infectedturtle
Posted 10 May 2012 - 10:37 PM

All processes killed
========== OTL ==========
C:\Users\Lucas\AppData\Local\458ffeq4p6hr700641u moved successfully.
ADS C:\ProgramData\Microsoft:ao1VlNx8YbGrn9Wv1Onms6MKZd deleted successfully.
ADS C:\ProgramData\Microsoft:wXz4oHAJVT4QGLZeJNjw8iHdTa deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Lucas
->Java cache emptied: 1494674 bytes

User: Public

Total Java Files Cleaned = 1.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lucas
->Temp folder emptied: 56861689 bytes
->Temporary Internet Files folder emptied: 62597174 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 326331337 bytes
->Google Chrome cache emptied: 314060122 bytes
->Flash cache emptied: 59054 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56659301 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 779.00 mb


OTL by OldTimer - Version 3.2.42.3 log created on 05102012_203231

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#27 MrCharlie
Posted 11 May 2012 - 06:31 AM

Is there any difference??
Are you using a router??

---------------------------------------

Please do this:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll
    C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-------------------------------

Reboot and .......


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


#28 infectedturtle
Posted 11 May 2012 - 11:21 AM

Hello, there is no difference, I am still getting the redirects. Yes, I am behind a router with no open ports (DD-WRT). Do I need to worry about my passwords? I am considering just wiping the drive and starting over, but I wish I didn't have to. I will run your suggestions and report back.

#29 infectedturtle
Posted 11 May 2012 - 12:17 PM

========== FILES ==========
File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\sqduxv.dll not found.
File\Folder C:\Users\Lucas\AppData\Roaming\.minecraft\.minecraft\ulbzyvwiq.dll not found.

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_101642

#30 infectedturtle
Posted 11 May 2012 - 12:22 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: DEATHWING [administrator]

5/11/2012 10:17:54 AM
mbam-log-2012-05-11 (10-17-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203021
Time elapsed: 2 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#31 MrCharlie
Posted 12 May 2012 - 06:44 AM

Let's reset the router:

Shut down the computer and reset the router:
http://www.online-te...fault-settings/

There should be a reset button that you push, or a hole that you stick a pin into, to reset the router (usually held for 10 seconds).
It's usually located on the back of the router; check your owner's manual.

If you can't find one, just disconnect the power from the router for about a minute, then reconnect it, let it reset then turn the computer back on and see how it is.

------------------------------------

Then download, unzip and run flush.bat:

http://forums.malwar...attach_id=77835

Let me know, MrC


#32 infectedturtle
Posted 13 May 2012 - 03:19 PM

I am afraid there isn't anything wrong with the Router. None of the other computers in the house have the same symptoms. This isn't a DNS thing because if you try to go to the link again, it will work correctly. It is only the first attempt which redirects. My HOSTS file is also healthy.

#33 MrCharlie
Posted 14 May 2012 - 06:28 AM

But did you do the two things I asked you to?

Run IE without any add-ons and see if there's any difference:
http://news.softpedi...ns-161394.shtml

MrC


#34 infectedturtle
Posted 14 May 2012 - 09:46 PM

I went ahead and didn't hard reset my router, because I do not want to re-setup all of the intricate things I've done (DD-WRT). I also inspected the .bat file, because I do not run scripts without knowing what they do, and I have already done the things it was slated to do. No effect.

Finally I deleted my user profiles for Chrome and Firefox and we will see if it keeps doing it. I don't ever run IE so that wouldn't have anything to do with the equation.
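The checks argued over in this thread (hosts file, DNS, router) were done by hand, and in the end the fix was to throw away the Chrome and Firefox profiles. As an added example, not from the thread and not part of any tool mentioned in it, the following read-only PowerShell triage collects in one pass the places a browser redirect can live on a Windows 7 host: hosts overrides, the DNS servers each adapter uses, the WinINET proxy and PAC settings that IE and Chrome inherit, and the extensions installed in every Chrome and Firefox profile. The profile paths and the 2012-era Firefox extension layout are assumptions; it needs PowerShell 3.0 or later for ConvertFrom-Json and -Directory.

```powershell
# Added example (not from the thread): first-pass triage for a browser redirect on a
# Windows 7 host. Read-only. Profile paths and the Firefox add-on layout are assumptions.

function Get-HostsOverrides {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    # Anything that is not a comment, not blank and not the plain localhost mapping deserves a look
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[^#\s]' -and
                       $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-ResolverSettings {
    # Win32_NetworkAdapterConfiguration works on Windows 7; Get-DnsClientServerAddress does not
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
        Select-Object Description, DNSServerSearchOrder, DHCPEnabled
}

function Get-WinInetProxy {
    # IE, Chrome and many installers honour these; a rogue PAC URL here redirects every request
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ItemProperty -Path $key |
        Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL
}

function Get-ChromeExtensions {
    param([string]$UserData = "$env:LOCALAPPDATA\Google\Chrome\User Data")
    # Each extension lives under <profile>\Extensions\<id>\<version>\manifest.json
    Get-ChildItem -LiteralPath $UserData -Directory -ErrorAction SilentlyContinue |
        ForEach-Object {
            $prof = $_   # not $profile: that is a PowerShell automatic variable
            Get-ChildItem -Path (Join-Path $prof.FullName 'Extensions\*\*\manifest.json') -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $m = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
                    [pscustomobject]@{
                        Profile     = $prof.Name
                        Id          = $_.Directory.Parent.Name
                        Name        = $m.name
                        Version     = $m.version
                        # content_scripts plus webRequest/tabs permissions are what a redirector needs
                        Permissions = ($m.permissions -join ',')
                        HasContentScripts = [bool]$m.content_scripts
                    }
                }
        }
}

function Get-FirefoxExtensions {
    param([string]$Profiles = "$env:APPDATA\Mozilla\Firefox\Profiles")
    # Firefox 12 kept add-ons as <profile>\extensions\<id>.xpi or an unpacked <id> folder
    Get-ChildItem -Path (Join-Path $Profiles '*\extensions\*') -ErrorAction SilentlyContinue |
        Select-Object @{n='Profile'; e={ Split-Path -Leaf (Split-Path (Split-Path $_.FullName)) }},
                      Name, LastWriteTime
}

'== hosts overrides =='
Get-HostsOverrides
'== DNS servers per adapter =='
Get-ResolverSettings | Format-Table -AutoSize
'== WinINET proxy / PAC =='
Get-WinInetProxy | Format-List
'== Chrome extensions =='
Get-ChromeExtensions | Format-Table -AutoSize
'== Firefox extensions =='
Get-FirefoxExtensions | Format-Table -AutoSize
```

Run it as the affected user, since both the proxy key and the profiles are per-user. The extension listings are the part to read first when, as here, the hosts file and the other machines behind the same router are clean: compare the ids against a known-good install rather than trusting the displayed name, because a Chrome manifest that uses locale files reports its name as a __MSG_…__ placeholder.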

#35 infectedturtle
Posted 17 May 2012 - 11:55 AM

Deleting the profiles from Firefox and Chrome and re-syncing from their servers ended up getting rid of the problem. Thanks for your help. Do you believe I should worry about the security of my passwords?

#36 MrCharlie
Posted 17 May 2012 - 12:21 PM

Passwords... I would certainly keep an eye on the accounts; at best, change all the passwords.

A little cleanup to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------


Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Go to your Control Panel's Add/Remove Programs and uninstall all the Java versions listed, and

then download and install the latest version, Java™ 7 Update 4.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#37 LDTate
Posted 18 May 2012 - 07:37 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support
